All,
To further this discussion, I created a draft of a possible "key discovery" specification. This draft covers only named origin-specific pre-provisioned keys, since this is the case I am familiar with. However, I would see no problem extending this for other forms of key (so long as there are proponents prepared to do the implementation and specification work on the appropriate timescales.)
I couldn't get this committed to a repository giving you all access via a URL, so the HTML of the specification is attached.
Best regards,
Mark